de5f335618
Fix formatting
2020-08-17 11:53:39 -05:00
0c34c2559e
Remove no-op Nokogiri::XML pretty printing
...
ea1f3d60f1
2020-08-17 11:16:11 -05:00
27ae6c4edd
Land #13986 , Add CVE-2020-16205 exploit for Geutebruck G-CAM
2020-08-17 09:24:32 -05:00
ea1f3d60f1
Adjust XML whitespace and add commands to the setup docs
2020-08-17 10:03:44 -04:00
eda222434f
Execute commands in a shell
2020-08-14 21:46:34 -05:00
22cf22fe53
Fix ARCH_CMD payload
...
Currently, we're not invoking within a shell.
2020-08-14 21:46:34 -05:00
f151c511bc
Explain what we're doing in the check
2020-08-14 21:46:34 -05:00
d3febe3284
Set SSL as a DefaultOption and update RPORT
2020-08-14 21:46:34 -05:00
46b6368597
Add Apache OFBiz XML-RPC Java deserialization
2020-08-14 21:46:34 -05:00
4a8b64a12f
Use WritableDir in execute_cmdstager, too
2020-08-14 21:07:08 -05:00
93fa66bfc5
Update geutebruck_testaction_exec.rb
...
And a fix for the fix ;)
I guess now everything will work as intended !
2020-08-15 00:56:53 +02:00
1da359ee01
Merge with last fix. This fix just fixes a issue with a method call as I tried calling the nonexistant method .true?
2020-08-14 17:49:02 -05:00
896c8aacae
Add in AutoCheck mixin so that we ensure targets are vulnerable before attempting to exploit them.
2020-08-14 17:27:39 -05:00
898f94320c
Add in fixes to check method so that the code will return the correct status if the connection fails
2020-08-14 17:18:31 -05:00
f3fdcf4343
Update geutebruck_testaction_exec.rb
...
Oops sorry, don't know what this "return true" was doing there.
2020-08-14 23:56:21 +02:00
f726967ba7
Update geutebruck_testaction_exec.rb
...
with the updated check using `Gem::Version`
2020-08-14 23:17:26 +02:00
a6f7c0c0de
Backport miscellaneous fixes to my modules
2020-08-14 13:40:23 -05:00
0dc53c46d4
Apply Rubocop fixes I forgot about and update the module description to add in missing information about affected parameters
2020-08-13 15:23:09 -05:00
c59b3835f9
Fix up module description to have better sentence structure and English and to also include the actual versions of the products that were affected in addition to the firmware versions. This prevents people from having to read the documentation to find affected targets
2020-08-13 15:18:10 -05:00
3c70f37dbe
Update exploit ranking to reflect the fact that this is a CMD Injection vulnerability with no chance of crashing the host
2020-08-13 14:40:33 -05:00
959689d5de
Update geutebruck_testaction_exec.rb
...
Fixed rubocop offenses / msftidy warnings and added @bcoles enhancements.
2020-08-13 14:29:31 -05:00
5f6a0746a6
Update modules/exploits/linux/http/geutebruck_testaction_exec.rb
...
Co-authored-by: bcoles <bcoles@gmail.com >
2020-08-13 14:29:30 -05:00
a69d941a72
Update modules/exploits/linux/http/geutebruck_testaction_exec.rb
...
Co-authored-by: bcoles <bcoles@gmail.com >
2020-08-13 14:29:30 -05:00
4ceb542fac
Update modules/exploits/linux/http/geutebruck_testaction_exec.rb
...
Co-authored-by: bcoles <bcoles@gmail.com >
2020-08-13 14:29:30 -05:00
a5e25f5a42
Add exploit for Geutebruck G-CAM
2020-08-13 14:29:28 -05:00
d5d4716b1c
Update TMSH escape reliability notes
...
What's strange is that if the stars align, like if the system has been
"used" enough, the exploit is incredibly reliable. Maybe my test
environment is bonkers.
2020-07-17 06:26:00 -05:00
c082ccd337
Make Meterpreter the default target
2020-07-17 06:10:53 -05:00
1ae689ce5f
Improve robustness by refactoring error handling
...
tmshCmd.jsp is extremely unreliable!
2020-07-17 05:23:42 -05:00
7e7881fbfa
Land #13730 , Add Pandora FMS Events Remote Code Execution (CVE-2020-13851) module and docs
2020-07-11 13:10:47 +01:00
c61f34ed16
Land #13596 , [GSoC] SQLi library with support to MySQL (and MariaDB)
2020-07-10 13:45:47 -05:00
957042f0a3
Nuke redundant force-exploit advanced option
2020-07-09 17:24:19 -04:00
df42399f61
Add installation instructions to docs
2020-07-09 17:20:07 -04:00
dc34acd070
Push to test autocheck issue
2020-07-09 16:43:18 -04:00
6bb20f41d8
Code review changes
2020-07-09 15:21:13 -05:00
36397a3e8f
Add cmdstager support
2020-07-09 15:21:12 -05:00
3ac3dcb3cf
Incorporate suggestios from code review
2020-07-09 15:21:12 -05:00
c2abb40890
Fix HTTP timeout
2020-07-09 15:21:12 -05:00
3eceeca911
Add Pandora FMS Events Remote Code Execution module and docs
2020-07-09 15:21:12 -05:00
398c13a1b2
Add Mikhail Klyuchnikov's writeup as a reference
2020-07-08 14:36:42 -05:00
ee240393f4
Credit Mikhail Klyuchnikov for CVE-2019-19781
2020-07-08 14:35:16 -05:00
d726a2cdcb
Fix a few final things
2020-07-07 12:06:05 -05:00
c8176b803a
Add version information to the description
2020-07-06 16:24:22 -05:00
7ef4cb64ad
Tweak timeouts to avoid a race condition
2020-07-06 14:30:27 -05:00
be90526d5f
Add vuln discovery credit and reference
2020-07-06 14:26:52 -05:00
41bb4d3a8d
Add dir_trav method back in
...
I was wondering why I refactored it away. Oh, I needed it.
2020-07-05 18:23:45 -05:00
1f765d0e1f
Upgrade CheckCodes, since the dir traversal passed
2020-07-05 16:29:53 -05:00
6e7701ba21
Add rudimentary check method
2020-07-05 16:18:03 -05:00
0417e88ff2
Add F5 BIG-IP TMUI RCE (CVE-2020-5902)
2020-07-05 15:22:15 -05:00
36b5d237fa
Make cmd/unix target types consistent to :unix_cmd
...
There were some using :unix_command, and it was just an oversight.
2020-07-05 11:16:47 -05:00
ffc07d6c8f
Merge remote-tracking branch 'upstream/master' into pr/13787
2020-07-01 14:42:16 -05:00
William Vu